Cyber threats are spreading, becoming more dangerous

Cyber threats are becoming not only more dangerous, they are falling into the hands of more people, said former White House security advisor Tom Donilon.

FOSE 2014

Find out about the keynotes, programs, sessions and exhibits featured at this year's FOSE conference and expo. Read more.

“We have to assume that the sophistication and prevalence of threats are going to grow,” Donilon told an audience Tuesday at the FOSE technology trade show in Washington, D.C., presented by 1105 Media, parent company of GCN.

The threats are coming not only from nation states and organized criminal groups, but also from individuals, as is evidenced by the actions of former National Security Agency contractor Edward Snowden. That has been “tremendously damaging,” he said.

Agencies need to learn the lessons of the Snowden breach, an insider threat that illustrates the importance of implementing cybersecurity at the individual level, Donilon said. “We need to ask, ‘How did this happen, what were the security flaws and what needs to be done to ensure that it doesn’t happen again?’”

Snowden's actions have done damage on a number of fronts, but the more lasting is that done to the U.S. technology industry. Because data was being gathered by the NSA from large American Internet and communications companies, U.S. technology is now suspect.

“In the wake of the revelations, rebuilding trust in the organizations, both public and private, and in the programs is essential,” Donilon said. Other threats -- which include cyber espionage, criminal activity, theft of intellectual property and attacks on critical infrastructure -- also need to be guarded against.

Protecting critical infrastructure is the joint responsibility of the public and private sectors, he said. Some progress has been made, but much remains to be done in the implementation of best practices and information sharing.

In the absence of congressional action on critical infrastructure protection, the administration has produced a framework that promotes the voluntary adoption of best security practices by privately owned and operated infrastructure.

We cannot assume that any cyber threat will be confined to any actor, and proliferation among organizations and nation states must be expected, Donilon said. To counter them, we need more dynamic, cooperative security efforts, based on international norms of online behavior.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

inside gcn

Reader Comments

Wed, May 14, 2014

Cyber threats are spreading because even though IT and cyber may know what to implement they are constantly having their budgets slashed yearly by OMB. Best Practices including good computer hygience are not being funded at even maintenance level let alone improvement levels. The cloud is not secure and now unclassified cyber is being forced to be less secure. It sure seems designed to create incidents and drive the data to a couple of crony cloud vendors. But in the end when the cloud vendors can't secure the federal data, it will not be the fault of the Cloud vendors or the White House or Congress but the CIO or CISO who were forced to make bad choices with little resources. Yes, those bad feds once again the strawmen fallguys.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.